Privacy problem has escalated in new challenging environment of cloud and big data. Widespread use of social networking sites has increased the opportunity of privacy exposure. In the online world, data has become equivalent to currency of the real world. Search engines, e-commerce sites, online social networks, advertisers, fraudsters, spammers etc. are in thirst of data of users, more specifically Personally Identifiable Information (PII), which can be used for genuine as well as malicious purposes. With the outburst of social apps, mobile apps and cloud based frameworks, assuring privacy on the modern web is a challenging task.
In most cases, sharing of user's data by a website to its partners is subjected to legal terms and conditions of the site. Once data moves from a user's browser to the internet, there is no mechanism to track the data or detect possible privacy violation. To an extent, some applications contribute towards protection of privacy by preventing third party cookies from following users on the web or by providing means to clean public databases via their API's (Application programing interface). However, these techniques do not assist in detecting how user's data has been leaked to the public or which site violated their privacy agreement.
In today's digital era, online presence has become a commonplace. Almost all activities of the real world such as collaboration, shopping, discussions, banking etc., have moved online and many of them require personal information of end users. With privacy being a clear threat, it is only recently that companies started focusing on privacy preserving applications. Since online privacy failures can occur at several places right from visible IP address, unencrypted traffic, insecure applications, online social networks etc., there are technologies which attempt to protect privacy in each of these specific areas, which are different from the present disclosure.
A service called BurnNote™ allows users to send self-destructing data to other users online, so that sensitive information is not stored in emails or leaked to the web. Tor browser bundle allows users to browse the web anonymously by encrypting network traffic and routing through complex network nodes. There are (virtual private network) VPN clients which provide anonymous browsing capabilities, suitable for connecting to unsecured Wi-Fi hotspots.
There are several applications for mobile devices which analyze the permissions required by each of the installed applications and report if there is any escalation of permissions in each case.
There are certain browser extensions which route information through proxy servers so that third party cookies (which track users) can be blocked. There are browser extensions designed to help users in understanding and taking control of the data they share on specific sites such as Facebook™, Twitter™, and Gmail™ etc. Also, there are tools which help users in understanding who can see their profiles on social networks like Facebook™ and what data will be visible to the public. Though not a privacy protection feature, web browsers store a history of sites visited by users, sometimes along with form data, and this may be used for manual inspection of visited sites.
The drawbacks of the above mentioned prior art is that there are no systems or methods to track information submitted on webpages and check against it later to detect privacy violations. Existing technologies may have feature to store submitted pages but data field's storage cannot be selective or personalized. Existing methods of page information storing even retains the submitted data. Storage of this information or sharing it to third party could lead to privacy violations.
In the present era of web based services, users provide personal information to many websites. It's practically challenging to keep track of these sites and data fields submitted to them manually.
The browser's native history maintenance technique resembles the functionality of privacy tracker database of the present disclosure to some extent. However, it is designed only to assist users in navigation and not as a privacy tracking or privacy violation detecting mechanism. Even otherwise, it has shortcomings such as: The “Clear History” option in browsers completely erases all browsing history of users. Reinstalling browsers will erase browsing history information. Since history data is stored locally in the machine, it is not available when users change their machines or it cannot be segregated when multiple users use the same machine.
Some existing applications contribute towards privacy protection by preventing third party cookies from following users on the web or by providing means to clean public databases via their APIs. Techniques such as self-destructing emails, anonymous browsing, data encryption, analysis of privileges in mobile devices etc. contribute towards privacy preservation. However, these techniques neither assist in detecting how user's data leaked to the public nor inform which site violated their privacy agreement.
The existing methods or products are designed to work specific to each context. Some products target removal of third party cookies which keep tracking users on the web. Some products track privacy breaches specific to Facebook™ while some other products target data queried only by search engines. Most of these solutions are tightly coupled with the configurations specific only to a certain set of popular websites or channels. They do not answer important questions such as how the data got leaked to the public or which party has violated user's privacy by sharing data with third parties.
The present disclosure addresses the problem of detection of privacy violation on the internet. It alerts the user when such a violation takes place so that the user can take suitable actions.
The present system does not have any tightly coupled configuration with any websites.
Also restriction to specific sites with respect to detecting privacy violations is not provided in the present system. Since the privacy information database is based on cloud, it is highly scalable and does not have any limit on the amount of data that can be processed. With respect to all these factors, the present system improves on existing techniques.
Thus there is a need to provide a system and a method that tracks privacy related information and browsing history of the user, while assisting the user in detecting possible privacy violation. The method of creating user privacy profile, collecting information for submitting data to website and storing in specific format on the cloud and feature of checking the possible privacy violation by submitting data field and matching it with browsing history is found in the present disclosure. Privacy profile update, privacy violations detection and browsing history update is hosted as cloud service in the present system and the user can access this service without dependency on specific browser or machine or location. Thus the present system benefits the user in legal process wherever privacy laws are applicable. User can technically establish who could be the potential privacy law violators.
Therefore the present system helps in creating privacy fingerprint for user by collecting details of web based activity where personal information is shared with third parties. There are possibilities that data collecting agencies or enterprise may share user data to third party for their business benefit, without taking users consensus. If user notice, such information is used by third party and represented on its website, user can identify data collector who might have involved in privacy violation.
Thus it will increase user confidence in services offered over web and help in businesses which collect information as part of their business process to offer more user friendly and trustworthy services.
The present disclosure provides flexible implementation of the system. Privacy tracking can be provided as a service on Cloud, where user can access the service from any browser, machine, location. All details related to browsing history, privacy profile are stored in cloud environment.
In present disclosure, actual data values are not stored or shared with cloud service provider. Only the data field name along with some other browsing details is stored in browsing history database.